September 12, 2014: We have received reports of a scam initiated on cellular phones. Customers report receiving phone calls that appear to be automated messages from large national banks. The message informs customers that their credit or debit card has been blocked. The message instructs them to go to a personal link, or press a number to unblock the card. This is a typical phishing scam to try to obtain personal information from you or install malware on your phone. Do not respond to a text message from a financial institution asking for your personal information. Always call the bank's publicly listed phone number for assistance.
August 28, 2014: We take security threats very seriously and prioritize the security of your account information and log in credentials. You may have heard about the recent cyber-attack against Banks or about the earlier theft of 1.2 billion user name and password credentials by a Russian crime ring. Our online banking vendor has strong security measures in place to prevent our vulnerability to this attack.
July 11, 2014: We have enhanced Bill Payment Service to show a better view of your Payees and Payee Options. You can easily see if the Payee has an in-process payment, pending payment, or the last payment made to the Payee. When viewing past payment details you will now see the check cleared date and be able to view an image of the cleared check. Note, this is only for Payees who receive a check, not electronic payment.
July 8, 2014: Microsoft Security Update: Please be aware that on Tuesday, July 8, Microsoft issued security updates for Windows and Microsoft Internet Explorer. Microsoft's update addresses 29 vulnerabilities and is rated as a Critical Update for versions: IE6, IE7, IE8, IE9, IE10, and IE11 on affected Windows Servers. The most severe of these vulnerabilities allows an attacker to gain remote access to a user's computer by luring visitors to a specially crafted webpage.
Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. For customers who do not have automatic updating enabled, Microsoft Security Bulletin MS14-037 provides assistance.
For more information about these vulnerabilities you can view the Microsoft Security Bulletin here: https://technet.microsoft.com/library/security/ms14-037.
June 18, 2014 IMPORTANT NOTICE – SMART PHONE AND PC SECURITY MALWARE THREAT: Spveng and Dyreza
We take security issues very seriously and understand that you do too, San Diego Private Bank recommends end users employ security best practices to proactively mitigate this threat including:
• Installing an antivirus app and keeping it updated
• Avoiding installing Android apps from third-party websites or unreliable sources
• Reading the permissions requested by every application before installing
• Performing regular backup of data stored in Android devices
• Protecting devices with a password
• Not viewing or sharing personal information over a public Wi-Fi network
Additional information about Svpeng and Dyreza:
What is Dyreza?
Dyreza or "Dyre" is a new family of malware that targets Online Banking users and redirects traffic to malicious servers. Dyreza is spread through spam e-mail messages such as "Your FEDTAX payment ID[random number]" and "RE:Invoice # [random number]." These messages contain a ".zip" file often hosted on legitimate domains to minimize suspicion. Opening this file infects the computer with malware. Using a technique called "browser hooking" Dyreza views unencrypted web traffic in the Chrome, Firefox and Internet Explorer browsers, and captures an enduser's credentials by sending the user to malicious servers, while the end user thinks they are securely connected to their financial institution's legitimate website.
Is my Phone vulnerable to Svpeng and Dyreza?
iPhones and Android devices use different operating sytems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it exploits Chrome, Firefox and Internet Explorer browsers.
What is Svpeng?
Svpeng is a new malicious malware, ransomware app for Android devices. Svpeng searches for specific mobile banking apps on the device, then locks the device and demands money to unlock it. In the U.S., Svpeng breaks into a mobile device thourgh a social engineering campaign using text messages.
Svpeng capabilities include:
• Spoofing legitimate banking applications
• Stealing personal banking information
• Capturing user input, including passwords
• Sending SMS messages to permium numbers without user's knowledge resulting in charges
• Sending SMS messages
• Stealing contact information and pictures
• Tracking user location
FDIC CONSUMER NEWS! The FDIC Consumer Quarterly Newsletter is now available. You can get a copy at our offices or at www.fdic.gov/consumernews
Online Banking includes a secure multi-layer log in. You may be prompted to enter a one-time verification code if using a pc that is not recognized. To enable your phone to receive one-time verification codes via voice message or text, click on the ""My Settings"" button at the top of the page in online banking. For the best security protection we suggest that you always use both your phone and your password. If you opt to enroll your computer, we recommend that you do so only on computers that you personally own and that have the latest updates and virus protection software installed on them.